Forum Discussion
aj1
Nimbostratus
NimbostratusIP Forwarding Virtual Server v/s SNAT
Trying to understand the difference between the two. Can either one of them be used for forwarding traffic from load balanced nodes (private addresses) to the internet?
We have LTMs in an HA pa...
nitass
Employee
Employeeunless the vserver used for SNAT'ing (snat 190.191.192.193) is not defined in a SNAT pool (apart from being a vserver object), the rule did not work.
if you run tcpdump on bigip, do you see 190.191.192.193 on egress vlan? if yes but you do not see response packet, upstream device may not know how to send response packet back to bigip. adding 190.191.192.193 as snatpool member will enable arp for 190.191.192.193. there is arp setting on virtual server address too.
At this point, does the traffic get forwarded to the node 10.10.10.1:8821 or does it get load balanced to the pool instead (as is the case with a standard vserver).
the response packet will not hit virtual server 190.191.192.193:25 because destination address is 190.191.192.193:8821. it will hit existing connection which is created when bigip sends request (via wildcard forwarding virtual server).
does an IP forwarding vserver maintain the connection's state in LTM's connection table (tmsh show /sys connection)?
yes unless you modify profile setting which is assigned to virtual server.